The Future of Internal Audit

The Future of Internal Audit

  • Overview
  • Course Outline
  • Workshop Instructions:


Key Topics :
  • Essential Audit Techniques
  • Fraud Risk Management
  • Implementing Audit Analytics
  • Measure IA Success (KPI’s)
  • Auditing Cybersecurity Risks
Course Director:
Phil Griffiths, FCA
CEO of Business Risk Management Ltd.

A Chartered Accountant, he has over 35 years’ experience in Risk Management, Corporate
Governance, Internal Audit and Fraud Prevention as practitioner, professional adviser, facilitator and trainer.

Why Should Attend:
  • The Internal audit function is increasingly regarded as a business partner, a catalyst for
    change and a Governance advisor.
  • You therefore need your internal audit function to become a trusted advisor and internal
  • The course represents a superb opportunity to develop new approaches to the difficult
    challenges facing modern audit functions
  • The workshop also provides the platform to focus the key role of IA to this fast changing
After completing this course you will be able to:
  • REFOCUS the audit role to become a strategic advisor
  • DEAL with the ever changing audit challenges
  • DEMONSTRATE measurable value to the business
  • IMPLEMENT the latest IIA guidance
  • APPLY updated audit analytics techniques
  • APPRECIATE the additional skills required by the modern auditor
  • DEVELOP an audit approach to help the organization better deal with the new world order
  • AUDIT business areas which may have not been previously covered
  • AUDIT cybersecurity risks
CPE Credits:

Business Risk Management Ltd is a NASBA certified training provider and Participants
will earn 9 CPE credits in the Auditing field of study

Course Outline

Day One : The Challenges for Internal Audit
The need for Internal Audit to be a strategic advisor
  • New IIA Code of Conduct
    • Helping the Board to protect the assets, reputation and sustainability of the
    • Internal audit should have the right to attend and observe all or part of executive
      committee meetings
    • The primary reporting line for the chief internal auditor should be to the chair of
      the Audit Committee.
  • New IIA Audit Executive guidance
  • New IIA paper on models of effective IA will be shared
  • Deciding the strategic direction for your function
  • Pulse of the profession survey results
  • IIA becoming more effective guidance will be shared
  • ECIIA research paper – making the most of the IA function
  • Ensuring effective communication lines between the CAE and the board
  • Gaining assurance regarding the quality of the function’s work.
  • Overseeing the relationship between the IA function and the organisation’s centralised
    risk monitoring function.
Exercise One – Dealing with the new challenges


The latest developments in IA
  • New guidance and its implications
  • Aligning strategic audit plans with significant business risks
  • Dealing with unacceptable risk – escalation with senior management
  • Gathering information from multiple engagements
  • Direct relationships with the Board (not only the Audit Committee)
  • The role in fraud risk management
  • Evaluating ethics programmes
  • Imperatives for change – IIA standards
  • An effectiveness of IA checklist will be shared
  • Making the most of IA – new IIA paper
Exercise Two – Dealing with the new requirements


The need to enhance the consultancy role
  • The IIA standards
  • Why consultancy should be encouraged
  • The difference in approach
  • How to document these assignments
  • Reporting consultancy assignments
  • Audit by workshop
  • Facilitation –do’s and don’ts
Exercise Three – How to convince management that consultancy is the
direction for Internal Audit


The evolving audit skill set
  • Why auditors need leadership skills
  • The need for the ability to influence experts
  • The IIA competency framework
  • Diplomacy
  • Open -mindedness
  • Persuasiveness
  • Negotiation ability
  • Self-motivation and self confidence
  • Decision making ability
  • Flexibility and ability to co-operate
  • Effective Time management
  • Flexibility and ability to co-operate
  • Self- control
  • Practicality
  • Results focus
  • Investigative skills
  • Building trust
  • New IIA paper on influencing skills will be shared
Exercise Four – Updating the IA skill set to meet the new challenges


Implementing audit analytics
  • The use of analytical tools
  • The process of data mining
  • Applications of CAAT’s
  • Fuzzy matching
  • Data Validation
  • Trend and pattern analysis
  • Neural networks
  • Benford’s Law and it’s importance in analytics
  • Auditing big data
  • Implications of IIA GTAG – understanding and auditing big data
  • The use of Internal and external databases
  • How to put the techniques into use in your organisation.
  • Practical uses of data analytics and the results achievable
Exercise Five – Use of data analytics


Continuous auditing
  • The IIA Global Technology Audit Guide (GTAG)
  • The practicalities of continuous auditing
  • Paper – fantasy or reality
  • Continuous assurance – new guidance
  • Continuous auditing and continuous monitoring
  • The use of CAAT’s for continuous auditing
  • Continuous risk assessment techniques
  • Examples of continuous auditing
  • A paper on continuous audit using ACL will be shared
  • New GTAG on audit sampling
Exercise Six –Opportunities for continuous auditing


Day Two : Adding measurable value to the business
The need to measure IA success (KPI’s)
  • The requirement for IA to add measurable value
  • The need for SMART KPI’s
  • The KPI categories
  • Audit Coverage
    • Overall plan
    • Audit Universe
    • Key risks
    • Major systems
    • Geographical of functional
  • Efficiency
    • Timeliness
    • Implementation of actions agreed
    • Achievement of the 3 E’s
    • Staff utilisation
  • Benefits
    • Monetary savings
    • Over-managed risks reduced
    • Unnecessary controls removed
    • Ideas shared
    • Extent of reliance external audit can take
  • Customer service
    • Audit customer feedback
    • Board and Audit Committee feedback
    • Number of requests
Exercise Seven – Determining effective KPI’s


Opportunity Auditing
  • Why risk can be an opportunity in disguise (e.g. Failure to innovate)
  • Why specifically targeting significant areas of business opportunities can deliver major
    measurable benefits
  • Many business opportunities are overlooked by the business because management are
    too busy
  • With budgets under even greater scrutiny, demonstrating value for money is more
    important than ever
  • The need for an opportunity register
  • Opportunity audit topics
    • Travel management
    • Mobile communications
    • Insurance
    • Consultancy
    • Energy management
    • Budgeting
    • Meetings management
    • Decision making
Exercise Eight–Selecting opportunity audit topics


How to identify over-managed risks and unnecessary controls
  • These are likely to be the risks in the green zone of the risk matrix
  • Why unnecessary controls are often not removed
  • Why Internal Audit does not focus on this aspect
  • When did you last suggest reducing controls?
  • Challenge ‘we have always done it this way’
  • Do we have to do it?
  • What are the benefits / penalties associated?
  • Can you reduce effort in some areas to give time and resource for the priorities?
  • Case study
Exercise Nine–How to identify over-managed activities


Auditing Cybersecurity risks
  • Statistics about cybersecurity crime
  • Profiles of the Attackers
  • Anatomy of a Breach
  • How to prevent Cyber Incidents
  • Network Controls (Internal and External)
  • Domain and Password Controls
  • Access rights and User Awareness
  • Application Security
  • Secure Software Development environment
  • Data Controls | Encryption
  • Vulnerability Management
  • Security Testing
  • Social Media risks
  • ISO 27000
Exercise Ten – Cybersecurity risks


Extending the audit coverage
  • Auditing the least covered business aspects
    • Social Media
    • The web site
    • Strategic planning
    • Product/ service development
    • Changes in Government policy
    • Economic changes impacting the business
    • Customer relationship management
    • Sustainability
    • Extreme events
    • The regulatory environment
    • Business Innovation
    • Corporate communication
    • Demographic changes and business impact
Exercise Eleven – Delegates will select 2 topics and determine the audit


Workshop Instructions:

  • Regular Fee: USD 630 Per Participant (Plus VAT)
  • Team Offer: Pay for 2 and register 3rd for free.
  • For registration (s) send us your Name, Designation, Organization, and Mobile Number to [email protected]
  • For More Information please contact: Qazi Waqas Ahmed Mobile: +971 56 309 0819; Email: [email protected]

Registration Form